Project overview
The overall aim of CyberKit4SME is to democratize advanced cyber security methods for SMEs and MEs, in order to:
Enable SMEs and MEs to monitor and forecast cybersecurity risks by equipping them with advanced, but low-cost and easy-to-use tools that will allow them to both assess the cybersecurity risks of their business’s IT infrastructure at design-time (following an asset-based risk assessment approach aligned with ISO 27005) and to monitor and update risk level assessments in real-time to detect potential threats without frequent recourse to expensive cybersecurity experts including consultants.
Raise SMEs and MEs’ awareness of cybersecurity risks, vulnerabilities and attacks through training in the use of these tools, and by analysing organisational and human factors that affect risk levels in their business; making educational material available for their employees to promote safe behaviour; facilitating their participation to cyber ranges as part of the training experience, and fostering a resilient community of SMEs and MEs by promoting information exchange with CERT/CSIRTs and other SMEs and MEs on cybersecurity incidents.
Support SMEs and MEs to manage their security, privacy and personal data protection risks by providing a wide-ranging set of tools that will allow them to implement risk mitigation measures based on a sophisticated risk analyses for their information networks, including end-to-end data protection using advanced encryption techniques to ensure confidentiality and integrity for data stored, transferred and processed onsite or in the cloud, and SIEM technology to help them prevent, detect and recover from cyber-attacks.
Equip SMEs and MEs with an online collaborative, security information sharing and incident reporting system by providing a blockchain platform through which SMEs and MEs will be able to securely share cybersecurity information in supply chains and with CERTS to improve risk monitoring and facilitate preparedness and responses to cyber-attacks, engage in a collective response to cyber security risks, and implement mandatory cybersecurity incident reporting.
Enable SMEs and MEs to monitor and forecast cybersecurity risks by equipping them with advanced, but low-cost and easy-to-use tools that will allow them to both assess the cybersecurity risks of their business’s IT infrastructure at design-time (following an asset-based risk assessment approach aligned with ISO 27005) and to monitor and update risk level assessments in real-time to detect potential threats without frequent recourse to expensive cybersecurity experts including consultants.
Raise SMEs and MEs’ awareness of cybersecurity risks, vulnerabilities and attacks through training in the use of these tools, and by analysing organisational and human factors that affect risk levels in their business; making educational material available for their employees to promote safe behaviour; facilitating their participation to cyber ranges as part of the training experience, and fostering a resilient community of SMEs and MEs by promoting information exchange with CERT/CSIRTs and other SMEs and MEs on cybersecurity incidents.
Support SMEs and MEs to manage their security, privacy and personal data protection risks by providing a wide-ranging set of tools that will allow them to implement risk mitigation measures based on a sophisticated risk analyses for their information networks, including end-to-end data protection using advanced encryption techniques to ensure confidentiality and integrity for data stored, transferred and processed onsite or in the cloud, and SIEM technology to help them prevent, detect and recover from cyber-attacks.
Equip SMEs and MEs with an online collaborative, security information sharing and incident reporting system by providing a blockchain platform through which SMEs and MEs will be able to securely share cybersecurity information in supply chains and with CERTS to improve risk monitoring and facilitate preparedness and responses to cyber-attacks, engage in a collective response to cyber security risks, and implement mandatory cybersecurity incident reporting.
Staff
Lead researchers
Other researchers
Collaborating research institutes, centres and groups
Research outputs
Brian Pickering, Nic Fair, Stephen C. Phillips & Dan Shearer,
2024
Type: conference
Stephen C. Phillips, Steve Taylor, Michael Boniface, Stefano Modafferi & Mike Surridge,
2024, IEEE Access, 12, 82482-82505
Type: article
2023
Type: conference
Stephen Phillips, Brian Pickering, Michael Boniface, Michael Surridge, Stefano Modafferi & Steve Taylor,
2022
Type: other